Working in the TLS corners of the backend, I found while re-reviewing and re-testing for the release that this patch actually was a small, but vital, brick shy of a load. The error handling is always invoked due to a set of missing braces. Going into the check will cause the context to be freed and be_tls_open_server error out. The tests added narrowly escapes it by not setting the max version in the final test, but I'm not sure it's worth changing that now as not setting a value is an interesting testcase too. Sorry for missing that at the time of reviewing.
cheers ./daniel
minmaxproto_guc.patch
Description: Binary data
